CircleCI Customer Data Exposed Through Third-Party Vendor

CircleCI, a San Francisco-based company that specializes in continuous integration and delivery solutions, on Thursday informed customers that some of their information may have been exposed through a third-party analytics vendor.


The DevOps firm said it became aware on August 31 that an attacker had gained access to some user data in its vendor account. An investigation is ongoing, but so far it appears that the incident impacts customers who accessed the CircleCI platform between June 30, 2019, and August 31, 2019.


“On August 31st at 2:32 p.m. UTC, a CircleCI team member saw an email notification from one of our third-party analytics vendors and suspected that unusual activity was taking place in this particular vendor account. The employee immediately forwarded the email to our security and engineering teams, at which point a comprehensive investigation was launched and steps were taken to ensure the situation was contained,” the company told customers.


The exposed data includes usernames and email addresses associated with Bitbucket and GitHub, user IP addresses, and user agent strings. Organization names, repository names and URLs, branch names, and repo owners may have also been exposed, CircleCI said.


However, the company claims the attacker did not gain access to any user secrets, build logs or artifacts, source code, or any other production data. Passwords, authentication tokens and financial information should also be safe.


CircleCI says the incident is unlikely to result in identity theft and assured customers that their builds and source code are not at risk. Customers have been told that they should be able to access and use the CircleCI platform without any problems, and they do not need to change passwords or revoke authentication toke ..
